
SoS Newsletter- Advanced Book Block




Cross Layer Security
(2014 Year in Review)


Protocol architectures traditionally followed strict layering principles to ensure interoperability, rapid deployment, and efficient implementation. But a lack of coordination between layers limits the performance of these architectures. More important, the lack of coordination may introduce security vulnerabilities and potential threat vectors. The literature cited here addresses the problems and opportunities available for cross layer security.  All were published in 2014. 


Farag, M.M.; Azab, M.; Mokhtar, B., "Cross-layer Security Framework For Smart Grid: Physical Security Layer," Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), 2014 IEEE PES, pp. 1-7, 12-15 Oct. 2014. doi: 10.1109/ISGTEurope.2014.7028963 Security is a major challenge preventing wide deployment of the smart grid technology. Typically, the classical power grid is protected with a set of isolated security tools applied to individual grid components and layers, ignoring their cross-layer interaction. Such an approach does not address the smart grid security requirements because intricate attacks are usually cross-layer, exploiting multiple vulnerabilities at various grid layers and domains. We advance a conceptual layering model of the smart grid and a high-level overview of a security framework, termed CyNetPhy, towards enabling cross-layer security of the smart grid. CyNetPhy tightly integrates and coordinates between three interrelated and highly cooperative real-time security systems crossing various layers of the grid's cyber and physical domains to simultaneously address the grid's operational and security requirements. In this article, we present in detail the physical security layer (PSL) in CyNetPhy. We describe an attack scenario raising the emerging hardware Trojan threat in process control systems (PCSes) and its novel PSL resolution leveraging model predictive control principles. Initial simulation results illustrate the feasibility and effectiveness of the PSL.

Keywords: power system security; predictive control; process control; smart power grids; CyNetPhy PSL resolution; PCS; conceptual layering model; cooperative real-time security system; cross-layer security framework; hardware Trojan threat; isolated security tool; physical security layer; predictive control; process control system; smart power grid cyber technology; Control systems; Hardware; Hidden Markov models; Monitoring; Smart grids; Trojan horses; Cross-Layer Security; Physical Layer Security; Process Control Security; Smart Grid; Smart Grid Security  (ID#: 15-3839)



Jie Tang; Huan Huan Song; Fei Pan; Hong Wen; Bin Wu; Yixin Jiang; Xiaobin Guo; Zhen Chen, "A MIMO Cross-Layer Precoding Security Communication System," Communications and Network Security (CNS), 2014 IEEE Conference on, pp. 500-501, 29-31 Oct. 2014. doi: 10.1109/CNS.2014.6997524 This paper proposes MIMO cross-layer precoding secure communications via a pattern controlled by higher-layer cryptography. In contrast to a physical layer security system, the proposed scheme can enhance security in adverse situations that physical layer security can hardly deal with. Two typical situations are considered: one in which the attackers have ideal CSI, and one in which the eavesdropper's channel is highly correlated with the legitimate channel. Our scheme integrates the upper layer with physical layer security to guarantee security in a real communication system. Extensive theoretical analysis and simulations are conducted to demonstrate its effectiveness. The proposed method is feasible to spread to many other communication scenarios.

Keywords: MIMO communication; cryptography; precoding; telecommunication security; CSI;MIMO cross-layer precoding secure communications; MIMO cross-layer precoding security communication system; eavesdropper's channel; higher layer cryptography; physical layer security system; upper layer; Bit error rate; Educational institutions; MIMO; Modulation; Physical layer; Security; MIMO; physical layer security cross-layer security; precoding; random array  (ID#: 15-3840)



Lixing Song; Shaoen Wu, "Cross-layer Wireless Information Security," Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, pp. 1-9, 4-7 Aug. 2014. doi: 10.1109/ICCCN.2014.6911744 Wireless information security generates shared secret keys from reciprocal channel dynamics. Current solutions are mostly based on temporal per-frame channel measurements of signal strength and suffer from a low key generation rate (KGR), a large budget in channel probing, and poor secrecy if a channel does not vary significantly over time. This paper designs a cross-layer solution that measures noise-free per-symbol channel dynamics across both the time and frequency domains and derives keys from the highly fine-grained per-symbol reciprocal channel measurements. This solution has the following merits: (1) the per-symbol granularity improves the volume of available uncorrelated channel measurements by orders of magnitude over the per-frame granularity of conventional solutions, and so does the KGR; (2) the solution exploits subtle channel fluctuations in the frequency domain and so does not force users to move to incur enough temporal variation, as conventional solutions require; and (3) it measures the noise-free channel response, which suppresses key bit disagreement between trusted users. As a result, in every aspect, the proposed solution improves the security performance by orders of magnitude over conventional solutions. The performance has been evaluated on both a GNU SDR testbed in practice and a local GNU Radio simulator. The cross-layer solution can generate a KGR of 24.07 bits per probing frame on the testbed or 19 bits in simulation, whereas conventional optimal solutions only have a KGR of at most one or two bits per probing frame. It also has a low key bit disagreement ratio while maintaining a high entropy rate. The derived keys show strong independence, with correlation coefficients mostly less than 0.05. Furthermore, it is empirically shown that any slight physical change, e.g. a small rotation of the antenna, results in fundamentally different cross-layer frequency measurements, which implies the strong secrecy and high efficiency of the proposed solution.

Keywords: cryptography; entropy; telecommunication security; wireless channels; GNU SDR testbed; GNU radio simulator; KGR; antenna rotation; bit per probing frame; channel probing; correlation coefficients; cross-layer wireless information security; fine-grained per-symbol reciprocal channel measurements; frequency domain; high entropy rate; key generate rate; low key bit disagreement ratio; noise-free channel response; noise-free per-symbol channel; per-frame channel measurements; poor secrecy; reciprocal channel dynamics; security performance; signal strength; subtle channel fluctuations; uncorrelated channel measurement volume; Communication system security; Frequency measurement; Information security; Noise measurement; OFDM; Pollution measurement; Wireless communication  (ID#: 15-3841)



Yongle Hao; Yizhen Jia; Baojiang Cui; Wei Xin; Dehu Meng, "OpenSSL HeartBleed: Security Management of Implements of Basic Protocols," P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on, pp. 520-524, 8-10 Nov. 2014. doi: 10.1109/3PGCIC.2014.148 With the rapid development of information technology, information security management is ever more important. The OpenSSL security incident told us that there are distinct disadvantages in the security management of the current hierarchical structure; software and hardware facilities need to enforce security management on their implementations of crucial basic protocols in order to ease, to a certain extent, the security threats against those facilities. This article expounds cross-layer security management and enumerates 5 contributory factors for the core problems that management is facing.

Keywords: cryptographic protocols; OpenSSL HeartBleed; OpenSSL security; cross-layer security management; hardware facilities; hierarchical structure; information security management; information technology; protocols; secure socket layer; security threats; software facilities; Computers; Hardware; Heart beat; Information security; Protocols; Software  (ID#: 15-3842)



Mahmood, A.; Akbar, A.H., "Threats in End To End Commercial Deployments of Wireless Sensor Networks and Their Cross Layer Solution," Information Assurance and Cyber Security (CIACS), 2014 Conference on, pp. 15-22, 12-13 June 2014. doi: 10.1109/CIACS.2014.6861325 Commercial Wireless Sensor Networks (WSNs) can be accessed through sensor web portals. However, the associated security implications and threats to 1) users/subscribers, 2) investors and 3) third party operators regarding sensor web portals are not seen in completeness; rather, the contemporary work handles them in parts. In this paper, we discuss different kinds of security attacks and vulnerabilities at different layers to the users, investors including Wireless Sensor Network Service Providers (WSNSPs), and the WSN itself in relation to two well-known documents, i.e., "Department of Homeland Security" (DHS) and "Department of Defense" (DOD), as these are the standard security documents to date. Further, we propose a comprehensive cross layer security solution in the light of the guidelines given in the aforementioned documents that is minimalist in implementation and achieves the purported security goals.

Keywords: telecommunication security; wireless sensor networks; Department of Defense; Department of Homeland Security; WSNSP; cross layer security solution; cross layer solution; end to end commercial deployments; security attacks; security goals; sensor web portals; standard security documents; wireless sensor network service providers; Availability; Mobile communication; Portals; Security; Web servers; Wireless sensor networks; Wireless sensor network; attacks; commercial; security; sensor portal; threats; web services  (ID#: 15-3843)



Datta, E.; Goyal, N., "Security Attack Mitigation Framework For The Cloud," Reliability and Maintainability Symposium (RAMS), 2014 Annual, pp. 1-6, 27-30 Jan. 2014. doi: 10.1109/RAMS.2014.6798457 Cloud computing brings in a lot of advantages for enterprise IT infrastructure; virtualization technology, which is the backbone of the cloud, provides easy consolidation of resources and reduction of cost, space and management effort. However, security of critical and private data is a major concern which still keeps back a lot of customers from switching over from their traditional in-house IT infrastructure to a cloud service. The existence of techniques to physically locate a virtual machine in the cloud, the proliferation of software vulnerability exploits, and cross-channel attacks between virtual machines all together increase the risk of business data leaks and privacy losses. This work proposes a framework to mitigate such risks and engineer customer trust towards enterprise cloud computing. Every day new vulnerabilities are being discovered even in well-engineered software products, and hacking techniques are getting more sophisticated over time. In this scenario, an absolute guarantee of security in an enterprise-wide information processing system seems a remote possibility; software systems in the cloud are vulnerable to security attacks. The practical solution for the security problems lies in a well-engineered attack mitigation plan. On the positive side, cloud computing has a collective infrastructure which can be effectively used to mitigate the attacks if an appropriate defense framework is in place. We propose such an attack mitigation framework for the cloud. Software vulnerabilities in the cloud have different severities and different impacts on the security parameters (confidentiality, integrity, and availability). By using a Markov model, we continuously monitor and quantify the risk of compromise in different security parameters (e.g., change in the potential to compromise data confidentiality). Whenever there is a significant change in risk, our framework would facilitate the tenants to calculate the Mean Time to Security Failure (MTTSF) cloud and allow them to adopt a dynamic mitigation plan. This framework is an add-on security layer in the cloud resource manager, and it could improve customer trust in enterprise cloud solutions.

Keywords: Markov processes; cloud computing; security of data; virtualisation; MTTSF cloud; Markov model; attack mitigation plan; availability parameter; business data leaks; cloud resource manager; cloud service; confidentiality parameter; cross-channel attacks; customer trust; enterprise IT infrastructure; enterprise cloud computing; enterprise cloud solutions; enterprise wide information processing system; hacking techniques; information technology; integrity parameter; mean time to security failure; privacy losses; private data security; resource consolidation; security attack mitigation framework; security guarantee; software products; software vulnerabilities; software vulnerability exploits; virtual machine; virtualization technology; Cloud computing; Companies; Security; Silicon; Virtual machining; Attack Graphs; Cloud computing; Markov Chain; Security; Security Administration  (ID#: 15-3844)



Rieke, R.; Repp, J.; Zhdanova, M.; Eichler, J., "Monitoring Security Compliance of Critical Processes," Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on, pp. 552-560, 12-14 Feb. 2014. doi: 10.1109/PDP.2014.106 Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspects is growing in complexity with the increase in functionality, connectivity, and dynamics of process evolution. To tackle this complexity, the application of models is becoming standard practice. Considering today's frequent changes to processes, model-based support for security and compliance analysis is not only needed in pre-operational phases but also at runtime. This paper presents an approach to support evaluation of the security status of processes at runtime. The approach is based on operational formal models derived from process specifications and security policies comprising technical, organizational, regulatory and cross-layer aspects. A process behavior model is synchronized by events from the running process and utilizes prediction of expected close-future states to find possible security violations and allow early decisions on countermeasures. The applicability of the approach is exemplified by a misuse case scenario from a hydroelectric power plant.

Keywords: hydroelectric power stations; power system security; critical processes; hydroelectric power plant; model-based support; operational formal models; process behavior model; process specifications; process-aware information systems; security compliance; security policies; Automata; Business; Computational modeling; Monitoring; Predictive models; Runtime; Security; critical infrastructures; predictive security analysis; process behavior analysis; security information and event management; security modeling and simulation; security monitoring  (ID#: 15-3845)



Wen, H.; Tang, J.; Wu, J.; Song, H.; Wu, T.; Wu, B.; Ho, P.; Lv, S.; Sun, L., "A Cross-layer Secure Communication Model Based on Discrete Fractional Fourier Transform (DFRFT)," Emerging Topics in Computing, IEEE Transactions on, vol. PP, no. 99, pp. 1-1, 06 November 2014. doi: 10.1109/TETC.2014.2367415 The discrete fractional Fourier transform (DFRFT) is a generalization of the discrete Fourier transform. There are a number of DFRFT proposals, which are useful for various signal processing applications. This paper investigates practical solutions toward the construction of unconditionally secure communication systems based on DFRFT via a cross-layer approach. By introducing a distort signal parameter, the sender randomly flip-flops between the distort signal parameter and the general signal parameter to confuse the attacker. The advantages of the legitimate partners are guaranteed. We extend the advantages between legitimate partners by developing novel security codes on top of the proposed cross-layer DFRFT security communication model, aiming to achieve an error-free legitimate channel while preventing the eavesdropper from obtaining any useful information. Thus, a cross-layer strong mobile communication secure model is built.

Keywords: Constellation diagram; Discrete Fourier transforms; Distortion; Flip-flops; OFDM; Security; DFRFT; Physical layer security; crosslayer; security code  (ID#: 15-3846)



Sabaliauskaite, G.; Mathur, A.P., "Countermeasures to Enhance Cyber-physical System Security and Safety," Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International, pp. 13-18, 21-25 July 2014. doi: 10.1109/COMPSACW.2014.6 An application of two Cyber-Physical System (CPS) security countermeasures, Intelligent Checker (IC) and Cross-correlator, for enhancing CPS safety and achieving the required CPS safety integrity level is presented. ICs are smart sensors aimed at detecting attacks in CPS and alerting the human operators. Cross-correlator is an anomaly detection technique for detecting deception attacks. We show how ICs could be implemented at three different CPS safety protection layers to maintain CPS in a safe state. In addition, we combine ICs with the cross-correlator technique to assure a high probability of failure detection. Performance simulations show that a combination of these two security countermeasures is effective in detecting and mitigating CPS failures, including catastrophic failures.

Keywords: data integrity; fault diagnosis; security of data; CPS failure detection; CPS failure mitigation; CPS safety integrity level; CPS safety protection layers; CPS security countermeasures; IC; anomaly detection technique; catastrophic failures; cross-correlator; cyber-physical system safety; cyber-physical system security; deception attack detection; intelligent checker; smart sensors; Integrated circuits; Process control; Robot sensing systems; Safety; Security; ISA-84; cross-correlator; cyber-attacks; cyber-physical systems; intelligent checkers; safety; safety instrumented systems; security  (ID#: 15-3846)



Syrivelis, Dimitris; Paschos, Georgios S.; Tassiulas, Leandros, "VirtueMAN: A Software-Defined Network Architecture For Wifi-Based Metropolitan Applications," Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2014 IEEE 19th International Workshop on, pp. 95-99, 1-3 Dec. 2014. doi: 10.1109/CAMAD.2014.7033213 Metropolitan scale WiFi deployments face several challenges, including controllability and management, which prohibit the provision of Seamless Access, Quality of Service (QoS) and Security to mobile users. Thus, they remain largely an untapped networking resource. In this work, an SDN-based network architecture is proposed; it is comprised of a distributed network-wide controller and a novel datapath for wireless access points. Virtualization of network functions is employed for configurable user access control as well as for supporting an IP-independent forwarding scheme. The proposed architecture is a flat network across the deployment area, providing seamless connectivity and reachability without the need for intermediary servers over the Internet, thus enabling a wide variety of localized applications, for instance video surveillance. Also, the provided interface allows for transparent implementation of intra-network distributed cross-layer traffic control protocols that can optimize the multihop performance of the wireless network.

Keywords: Authentication; Heart beat; IEEE 802.11 Standards; Internet; Mobile communication; Protocols; Quality of service  (ID#: 15-3847)



Ponti, C.; Pajewski, L.; Schettini, G., "Simulation of Scattering By Cylindrical Targets Hidden Behind A Layer," Ground Penetrating Radar (GPR), 2014 15th International Conference on, pp. 560-564, June 30 2014-July 4 2014. doi: 10.1109/ICGPR.2014.6970486 Through-wall sensing of hidden objects is a topic that is receiving wide interest in several application contexts, especially in the field of security. The success of the object retrieval relies on accurate scattering models as well as on reliable inversion algorithms. In this paper, a contribution to the modeling of direct scattering for Through-Wall Imaging applications is given. The approach deals with hidden scatterers that are circular cross-section metallic cylinders placed below a dielectric layer, and it is based on an analytical-numerical technique implementing the Cylindrical Wave Approach. As the burial medium of the scatterers may be a dielectric of arbitrary permittivity, general problems of scattering by hidden objects may be considered. When the burial medium is filled with air, the technique can simulate objects concealed in a building interior. Otherwise, simulation of geophysical problems of targets buried in a layered soil can be performed. Numerical results of practical cases are reported in the paper, showing the potentialities of the technique for its use in inversion algorithms.

Keywords: buried object detection; electromagnetic wave scattering; geophysical techniques; image processing; numerical analysis; analytical-numerical technique; buried targets; cylindrical targets; cylindrical wave approach; hidden objects; hidden scatterers; inversion algorithms; object retrieval; scattering models; through-wall imaging applications; through-wall sensing; Atmospheric modeling; Dielectrics; Electromagnetic scattering; Reliability; Slabs; buried objects; electromagnetic scattering; fourier analysis; through-wall scattering  (ID#: 15-3848)



Crisan, D.; Birke, R.; Barabash, K.; Cohen, R.; Gusat, M., "Datacenter Applications in Virtualized Networks: A Cross-Layer Performance Study," Selected Areas in Communications, IEEE Journal on, vol. 32, no. 1, pp. 77-87, January 2014. doi: 10.1109/JSAC.2014.140108 Datacenter-based Cloud computing has induced new disruptive trends in networking, key among which is network virtualization. Software-Defined Networking overlays aim to improve the efficiency of the next generation multitenant datacenters. While early overlay prototypes are already available, they focus mainly on core functionality, with little being known yet about their impact on the system level performance. Using query completion time as our primary performance metric, we evaluate the overlay network impact on two representative datacenter workloads, Partition/Aggregate and 3-Tier. We measure how much performance is traded for the overlay's benefits in manageability, security and policing. Finally, we aim to assist datacenter architects by providing a detailed evaluation of the key overlay choices, all made possible by our accurate cross-layer hybrid/mesoscale simulation platform.

Keywords: cloud computing; computer centres; overlay networks; software radio; virtualisation; cloud computing; cross layer hybrid mesoscale simulation platform; cross layer performance study; datacenter applications; datacenter workloads; network virtualization; overlay network; software defined networking overlays; virtualized networks; Delays; Encapsulation; Hardware; IP networks; Protocols; Servers; Virtualization; datacenter networks; network virtualization; overlay networks; software-defined networking  (ID#: 15-3849)



Mendes, L.D.P.; Rodrigues, J.J.P.C.; Lloret, J.; Sendra, S., "Cross-Layer Dynamic Admission Control for Cloud-Based Multimedia Sensor Networks," Systems Journal, IEEE, vol. 8, no. 1, pp. 235-246, March 2014. doi: 10.1109/JSYST.2013.2260653 Cloud-based communications systems are now widely used in many application fields such as medicine, security, environment protection, etc. Their use is being extended to the most demanding services like multimedia delivery. However, there are a lot of constraints when cloud-based sensor networks use the standard IEEE 802.15.3 or IEEE 802.15.4 technologies. This paper proposes a channel characterization scheme combined with a cross-layer admission control in dynamic cloud-based multimedia sensor networks to share the network resources among any two nodes. The analysis shows the behavior of two nodes using different network access technologies and the channel effects for each technology. Moreover, the existence of optimal node arrival rates in order to improve the usage of dynamic admission control when network resources are used is also shown. An extensive simulation study was performed to evaluate and validate the efficiency of the proposed dynamic admission control for cloud-based multimedia sensor networks.

Keywords: IEEE standards; Zigbee; channel allocation; cloud computing; control engineering computing; multimedia communication; telecommunication congestion control; wireless sensor networks; channel characterization scheme; channel effects; cloud-based communications system; cloud-based sensor networks; cross-layer admission control; cross-layer dynamic admission control; dynamic cloud-based multimedia sensor networks; extensive simulation study; multimedia delivery; network access technology; network resources; optimal node arrival rates; standard IEEE 802.15.3 technology; standard IEEE 802.15.4 technology; Admission control; cloud computing; cross-layer design; multimedia communications; sensor networks  (ID#: 15-3850)



Jialing Mo; Qiang He; Weiping Hu, "An Adaptive Threshold De-Noising Method Based on EEMD," Signal Processing, Communications and Computing (ICSPCC), 2014 IEEE International Conference on, pp. 209-214, 5-8 Aug. 2014. doi: 10.1109/ICSPCC.2014.6986184 In view of the difficulty in selecting the wavelet base and decomposition level for the wavelet-based de-noising method, this paper proposes an adaptive de-noising method based on Ensemble Empirical Mode Decomposition (EEMD). The autocorrelation and cross-correlation method is used to adaptively find the signal-to-noise boundary layer of the EEMD in this method. Then the noise dominant layer is filtered directly and the signal dominant layer is threshold de-noised. Finally, the de-noised signal is reconstructed from each de-noised layer component. This method solves the problem of mode mixing in Empirical Mode Decomposition (EMD) by using EEMD and combines the advantage of the wavelet threshold. In this paper, we focus on the analysis and verification of the correctness of the adaptive determination of the noise dominant layer. The simulation experiment results prove that this de-noising method is efficient and has good adaptability.

Keywords: correlation theory; filtering theory; signal denoising; signal reconstruction; wavelet transforms; EEMD; adaptive determination correctness analysis; adaptive determination correctness verification; adaptive threshold de-noising method; autocorrelation method; cross-correlation method; de-noised layer component; de-noising signal reconstruction; decomposition level selection; ensemble empirical mode decomposition; mode mixing problem; noise dominant layer filtering; signal-to-noise boundary layer; threshold de-noised signal dominant layer; wavelet base selection; wavelet threshold; wavelet-based de-noising method; Correlation; Empirical mode decomposition; Noise reduction; Signal to noise ratio; Speech; White noise; Adaptive; Ensemble Empirical Mode Decomposition; Threshold De-noising; Wavelet Analysis  (ID#: 15-3851)



Aiyetoro, G.; Takawira, F., "A Cross-layer Based Packet Scheduling Scheme for Multimedia Traffic in Satellite LTE Networks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp. 1-6, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6813994 This paper proposes a new cross-layer based packet scheduling scheme for multimedia traffic in a satellite Long Term Evolution (LTE) network which adopts MIMO technology. The Satellite LTE air interface will provide global coverage and hence complement its terrestrial counterpart in the provision of mobile services (especially multimedia services) to users across the globe. A dynamic packet scheduling scheme is very important towards actualizing an effective utilization of the limited available resources in satellite LTE networks without compromising the Quality of Service (QoS) demands of multimedia traffic. Hence, the need for an effective packet scheduling algorithm cannot be overemphasized. The aim of this paper is to propose a new scheduling algorithm tagged the Cross-layer Based Queue-Aware (CBQA) Scheduler that will provide a good trade-off among QoS, fairness and throughput. The newly proposed scheduler is compared to existing ones through simulations, and various performance indices have been used. A land mobile dual-polarized GEO satellite system has been considered for this work.

Keywords: Long Term Evolution; MIMO communication; artificial satellites; land mobile radio; mobile satellite communication; multimedia communication; packet radio networks; quality of service; telecommunication traffic; CBQA scheduler; Long Term Evolution; MIMO technology; cross-layer based packet scheduling algorithm; cross-layer based queue-aware scheduler; global coverage; land mobile dual-polarized GEO satellite system; mobile services; multimedia traffic QoS demands; quality of service; satellite LTE air interface; satellite LTE network; terrestrial counterpart; Delays; MIMO; Quality of service; Satellite broadcasting; Satellites; Scheduling algorithms; Throughput  (ID#: 15-3852)



Sarikaya, Y.; Ercetin, O.; Koksal, C.E., "Confidentiality-Preserving Control of Uplink Cellular Wireless Networks Using Hybrid ARQ," Networking, IEEE/ACM Transactions on, vol. PP, no. 99, pp. 1-1, 26 June 2014. doi: 10.1109/TNET.2014.2331077 We consider the problem of cross-layer resource allocation with information-theoretic secrecy for uplink transmissions in time-varying cellular wireless networks. Particularly, each node in an uplink cellular network injects two types of traffic, confidential and open, at rates chosen in order to maximize a global utility function while keeping the data queues stable and meeting a constraint on the secrecy outage probability. The transmitting node only knows the distribution of channel gains. Our scheme is based on Hybrid Automatic Repeat Request (HARQ) transmission with incremental redundancy. We prove that our scheme achieves a utility arbitrarily close to the maximum achievable. Numerical experiments are performed to verify the analytical results and to show the efficacy of the dynamic control algorithm.

Keywords: Automatic repeat request; Base stations; Decoding; Heuristic algorithms; Mutual information; Uplink; Wireless networks; Cross-layer optimization; hybrid automatic repeat request (ARQ); physical-layer security  (ID#: 15-3853)



Elwell, J.; Riley, R.; Abu-Ghazaleh, N.; Ponomarev, D., "A Non-Inclusive Memory Permissions Architecture For Protection Against Cross-Layer Attacks," High Performance Computer Architecture (HPCA), 2014 IEEE 20th International Symposium on, pp. 201-212, 15-19 Feb. 2014. doi: 10.1109/HPCA.2014.6835931 Protecting modern computer systems and complex software stacks against the growing range of possible attacks is becoming increasingly difficult. The architecture of modern commodity systems allows attackers to subvert privileged system software, often using a single exploit. Once the system is compromised, the inclusive permissions used by current architectures and operating systems easily allow a compromised high-privileged software layer to perform arbitrary malicious activities, even on behalf of other software layers. This paper presents a hardware-supported page permission scheme for physical pages that is based on the concept of non-inclusive sets of memory permissions for different layers of system software such as hypervisors, operating systems, and user-level applications. Instead of viewing privilege levels as an ordered hierarchy with each successive level being more privileged, we view them as distinct levels, each with its own set of permissions. Such a permission mechanism, implemented as part of a processor architecture, provides a common framework for defending against a range of recent attacks. We demonstrate that such protection can be achieved with negligible performance overhead, low hardware complexity and minimal changes to the commodity OS and hypervisor code.

Keywords: security of data; storage management; supervisory programs; arbitrary malicious activities; complex software stack protection; cross-layer attack protection; hardware complexity; hardware-supported page permission scheme; high-privileged software layer; hypervisor code; modern commodity systems; modern computer system protection; noninclusive memory permissions architecture; operating systems; ordered hierarchy; performance overhead; permission mechanism; privilege level; privileged system software; processor architecture; user-level applications; Hardware; Memory management; Permission; System software; Virtual machine monitors (ID#: 15-3854)



Juzi Zhao; Subramaniam, S.; Brandt-Pearce, M., "Intradomain and Interdomain QoT-aware RWA for Translucent Optical Networks," Optical Communications and Networking, IEEE/OSA Journal of, vol. 6, no. 6, pp. 536-548, June 2014. doi: 10.1364/JOCN.6.000536 Physical impairments in long-haul optical networks mandate that optical signals be regenerated within the (so-called translucent) network. Being expensive devices, regenerators are expected to be allocated sparsely and must be judiciously utilized. Next-generation optical-transport networks will include multiple domains with diverse technologies, protocols, granularities, and carriers. Because of confidentiality and scalability concerns, the scope of network-state information (e.g., topology, wavelength availability) may be limited to within a domain. In such networks, the problem of routing and wavelength assignment (RWA) aims to find an adequate route and wavelength(s) for lightpaths carrying end-to-end service demands. Some state information may have to be explicitly exchanged among the domains to facilitate the RWA process. The challenge is to determine which information is the most critical and make a wise choice for the path and wavelength(s) using the limited information. Recently, a framework for multidomain path computation called backward-recursive path-computation (BRPC) was standardized by the Internet Engineering Task Force. In this paper, we consider the RWA problem for connections within a single domain and interdomain connections so that the quality of transmission (QoT) requirement of each connection is satisfied, and the network-level performance metric of blocking probability is minimized. Cross-layer heuristics that are based on dynamic programming to effectively allocate the sparse regenerators are developed, and extensive simulation results are presented to demonstrate their effectiveness.

Keywords: dynamic programming; multipath channels; probability; telecommunication network routing; telecommunication security; wavelength assignment; wavelength division multiplexing; BRPC; Internet Engineering Task Force; backward-recursive path-computation; blocking probability; confidentiality concerns; cross-layer heuristics; dynamic programming; end-to-end service demands; interdomain QoT-aware RWA; intradomain QoT-aware RWA; multidomain path computation; network-level performance metric minimization; network-state information; next-generation optical-transport networks; optical signal regeneration; physical impairments; quality-of-transmission requirement; routing-and-wavelength assignment problem; scalability concerns; translucent long-haul optical networks; wavelength division multiplexing-based optical networks; Availability; Bit error rate; Heuristic algorithms; Nonlinear optics; Optical fiber networks; Repeaters; Routing; Backward recursive path computation (BRPC); Cross-layer RWA; Dynamic programming; Multidomain; Physical impairments; Translucent optical networks (ID#: 15-3855)



Jia-Lun Tsai, "An Improved Cross-Layer Privacy-Preserving Authentication in WAVE-Enabled VANETs," Communications Letters, IEEE, vol. 18, no. 11, pp. 1931-1934, Nov. 2014. doi: 10.1109/LCOMM.2014.2323291 In 2013, Biswas and Misic proposed a new privacy-preserving authentication scheme for WAVE-based vehicular ad hoc networks (VANETs), claiming that they used a variant of the Elliptic Curve Digital Signature Algorithm (ECDSA). However, our study has discovered that the authentication scheme proposed by them is vulnerable to a private key reveal attack. Any malicious receiving vehicle that receives a valid signature from a legal signing vehicle can gain access to the signing vehicle's private key from the learned valid signature. Hence, the authentication scheme proposed by Biswas and Misic is insecure. We thus propose an improved version to overcome this weakness. The proposed improved scheme also supports identity revocation and trace. Based on this security property, the CA and a receiving entity (RSU or OBU) can check whether a received signature has been generated by a revoked vehicle. Security analysis is also conducted to evaluate the security strength of the proposed authentication scheme.

Keywords: data privacy; digital signatures; private key cryptography; public key cryptography; telecommunication security; vehicular ad hoc networks; ECDSA; WAVE-based vehicular ad hoc networks; WAVE-enabled VANET; elliptic curve digital signature algorithm; identity revocation; identity trace; improved cross-layer privacy-preserving authentication scheme; legal signing vehicle; malicious receiving vehicle; private key reveal attack; receiving entity; security analysis; security strength evaluation; valid signature; Authentication; Digital signatures; Elliptic curves; Law; Public key; Vehicles; Privacy-preserving; VANETs; authentication scheme; elliptic curve digital signature algorithm (ECDSA) (ID#: 15-3856)



Guyue Li; Aiqun Hu, "An Approach To Resist Blind Source Separation Attacks Of Speech Signals," Communications Security Conference (CSC 2014), 2014, pp. 1-7, 22-24 May 2014. doi: 10.1049/cp.2014.0738 Recently, there has been great interest in the physical layer security technique which exploits artificial noise (AN) to enlarge the channel condition gap between the legitimate receiver and the eavesdropper. However, in certain communication scenarios, this strategy may suffer from attacks from the signal processing perspective. In this paper, we consider speech signals and the scenario in which the eavesdropper has channel performance similar to that of the legitimate receiver. We design the optimal artificial noise (AN) to resist the attack of an eavesdropper who uses blind source separation (BSS) technology to reconstruct the secret information. The optimal AN is obtained by making a tradeoff between the results of direct eavesdropping and reconstruction. The simulation results show that the AN we propose has better performance than white Gaussian AN in resisting BSS attacks effectively.

Keywords: Physical layer security; artificial noise; blind source separation (BSS); cross correlation coefficient (ID#: 15-3857)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.